Karyn Harty is a partner at McCann FitzGerald in Dublin. I spoke to her at Relativity Fest in Chicago about the benefits of the GDPR, about the perception of privacy beyond the EU, and about the extension of eDiscovery skills and tools into other areas of legal practice.
Before it took effect, the perception of the GDPR was largely one of doom and gloom, with a focus on its burdens and specifically on fines. I asked Karyn Harty what it looked like now from an Irish perspective.
Karyn Harty said organisations had generally embraced the GDPR, not least because it brought clarity to rights and obligations. Data Subject Access Requests have proved challenging, mainly because of their shortened time limits, and they were a burden if you have a lot of them. Overall, however, there is a growing sense that data privacy is important, and clients are doing their best to protect privacy, building it into their processes.
Employees, as well as customers, benefitted from this. The demand for skills outstrips the available pool of skills as the Irish economy grows. Anything which contributes to attracting and keeping good employees is important.
Karyn Harty’s understanding is that notifications to the Data Commissioner have risen in Ireland as in the UK, perhaps because people are reporting small breaches as well as big ones. It helps that the Irish Data Commissioner has adopted a pragmatic response, making suggestions to help companies understand their obligations and to encourage training.
Data privacy has always conflicted with US discovery obligations, and the GDPR might be expected to exacerbate this conflict. Karyn Harty is a member of a Sedona Conference working party exploring the difficulties likely to arise in relation to legal holds. It is challenging for organisations, with or without the US element, to steer a course between retention against possible demands of litigation or regulation, on the one hand, and GDPR duties to dispose of documents and data on the other.
Companies were increasingly asking the Data Protection Commissioner for guidance about such matters, and had found that, in this area as in others, it was possible to have a helpful dialogue when problems arose. To some extent, the deliberately loose drafting of parts of the GDPR allowed that kind of evolution, avoiding some of the problems caused when prescriptive rules meet changing technology.
Overall, Karyn Harty said, international attitudes to data protection are changing. The US was railing against the GDPR 18 months or so ago, but there is now a general acceptance that it is a good thing. This is true also in APAC and the Middle East.
McCann FitzGerald was one of the first firms I came across which had extended its eDiscovery skills and tools into other areas of practice where large volumes of data were involved, developing a digital services team which works across the business.
Machine learning and analytics were proving useful in compliance areas, and McCann FitzGerald had itself developed applications for specific purposes. It worked closely with clients’ in-house teams, building solutions which worked for everyone.